Vendor: Xion Audio Player
By: Un_N0n
CVSS: 9.3 (HIGH)
Type: Buffer Overflow
CWE: 119
Product Name: Xion Audio Player
Affected Version From: 1.5 (Build 155)
Affected Version To: 1.5 (Build 155)
Patch Exists: YES
Related CWE: N/A
CPE: a:xion_software:xion_audio_player
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 x86(32 BIT)
Year: 2015

Xion Audio Player build 155 Stack Based BOF

Xion Audio Player build 155 is vulnerable to a stack-based buffer overflow when a malformed MP3 file is dragged into the application. The crash can be reproduced by replacing the details of a legitimate MP3 file with a large number of 'A's or any other random value.

Mitigation:

Upgrade to the latest version of Xion Audio Player.
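
Where upgrading is delayed, incoming MP3 files can be screened for the kind of oversized metadata described above before they reach the player. The following is an added example, not code from the advisory or the vendor: it assumes the "details" are ID3v2.3/2.4 text frames, and the thresholds, function names and sample-tag builder are assumptions chosen for illustration.

```python
import struct

MAX_FIELD_BYTES = 1024  # assumed policy limit for one text field
MAX_REPEAT_RUN = 256    # assumed: a longer run of one byte value is filler

def _syncsafe(b):
    """Decode a 4-byte syncsafe integer (7 useful bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def _longest_run(data):
    """Length of the longest run of one repeated byte value."""
    best, run, prev = 0, 0, None
    for byte in data:
        run = run + 1 if byte == prev else 1
        best, prev = max(best, run), byte
    return best

def suspicious_id3_fields(blob):
    """Return (frame_id, declared_size, reason) for each suspect ID3v2 frame."""
    findings = []
    if len(blob) < 10 or blob[:3] != b"ID3" or blob[3] not in (3, 4):
        return findings  # no ID3v2.3/2.4 tag to inspect
    major, pos = blob[3], 10
    end = min(10 + _syncsafe(blob[6:10]), len(blob))
    if blob[5] & 0x40 and pos + 4 <= end:  # skip the optional extended header
        ext = blob[pos:pos + 4]
        pos += _syncsafe(ext) if major == 4 else 4 + struct.unpack(">I", ext)[0]
    while pos + 10 <= end and blob[pos] != 0:  # a zero byte starts padding
        frame_id = blob[pos:pos + 4].decode("latin-1")
        raw = blob[pos + 4:pos + 8]
        size = _syncsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        body = blob[pos + 10:pos + 10 + size]
        is_text = frame_id.startswith("T") or frame_id == "COMM"
        if size > end - (pos + 10):
            findings.append((frame_id, size, "length exceeds tag"))
            break  # offsets past this point cannot be trusted
        if is_text and size > MAX_FIELD_BYTES:
            findings.append((frame_id, size, "oversized field"))
        elif is_text and _longest_run(body) > MAX_REPEAT_RUN:
            findings.append((frame_id, size, "repeated filler"))
        pos += 10 + size
    return findings

def build_v23_tag(frames):
    """Constructed sample input: an ID3v2.3 tag from (id, payload) pairs."""
    body = b"".join(i + struct.pack(">I", len(p)) + b"\0\0" + p for i, p in frames)
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + body
```

Pass the leading bytes of a file to `suspicious_id3_fields`; an empty list means no text frame tripped either threshold, and non-text frames such as embedded cover art are only checked for a declared length that overruns the tag.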

Exploit-DB raw data:

********************************************************************************************
# Exploit Title: Xion Audio Player build 155 Stack Based BOF.
# Date: 8/19/2015
# Exploit Author: Un_N0n
# Software Vendor : http://www.xionplayer.com
# Software Link: http://www.xionplayer.com/page/download
# Version: 1.5 (Build 155)
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************

[Steps to Produce the Crash]:
1- open 'Xion.exe'.
2- Drag the malformed MP3 file into Xion Audio Player.
~ Software will Crash.

[Creating Malformed MP3 File?]: 
>Replace the details of the legit MP3 file with large number of "A"s or any other random value.


**********************************************************************************************